Connect using Public IP

This page summarizes how to connect to databases served by AlloyDB for PostgreSQL using Public IP.

You can configure your AlloyDB instance to have a public IPv4 address and accept connections from specific external IP addresses or a range of addresses, called authorized external networks. These authorized networks are only available when using public IP. You can't specify a private network as an authorized network.

AlloyDB only supports inbound connections. You can configure your instance for outbound public IP connectivity using private IP and an intermediary VM. For more information on outbound connections, see connect to a cluster from outside its VPC.

Enable public IP on an instance

When you enable public IP on your instance, AlloyDB configures the instance with a public, static IPv4 address. You can also provide a comma-separated list of authorized networks that can connect to your instance using the public IPv4 address.

You can either:

• Only enable public IP
• Both enable public IP and add authorized networks to your instance

To enable public IP, run the following command:

gcloud beta alloydb instances update INSTANCE_ID \
    --cluster=CLUSTER_ID  \
    --region=REGION_ID  \
    --assign-inbound-public-ip=ASSIGN_IPV4

To enable public IP and add authorized networks to your instance, run the following command:

gcloud beta alloydb instances update INSTANCE_ID \
    --cluster=CLUSTER_ID  \
    --region=REGION_ID  \
    --assign-inbound-public-ip=ASSIGN_IPV4 \
    --authorized-external-networks=CIDR_RANGE1,CIDR_RANGE2,...

Disable public IP on an instance

When you disable public IP on your instance, AlloyDB removes the public IP address from your instance and clears the authorized networks list. Authorized networks can only be used with public IP.

To disable public IP, run the following command:

gcloud beta alloydb instances update INSTANCE_ID \
    --cluster=CLUSTER_ID  \
    --region=REGION_ID  \
    --assign-inbound-public-ip=NO_PUBLIC_IP

Update the authorized networks for an instance

You can update the list of authorized networks on your instance at any time. Public IP must be enabled on your instance when updating the authorized networks list.

Authorized networks can't be added or removed individually, and the networks list is overridden each time the update list command is run. To update authorized networks on your instance, you'll need to provide a comma-separated list of all authorized networks each time you want to add or remove a network. Each authorized network must be in CIDR format.

To update the list of authorized networks on your instance, run the following command:

gcloud beta alloydb instances update INSTANCE_ID \
    --cluster=CLUSTER_ID  \
    --region=REGION_ID  \
    --authorized-external-networks=CIDR_RANGE1,CIDR_RANGE2,...

View public IP address and authorized external network for an instance

You can view the list of authorized networks on your instance at any time and the assigned public IP address using the gcloud alloydb instances describe command.

To view the list of authorized networks, run the following command:

gcloud beta alloydb instances describe $INSTANCE_ID \
--cluster=CLUSTER_ID \
--region=REGION_ID

What's next

• Connection overview
• Connect using the AlloyDB Auth Proxy